Microsoft investigates if a leak played a role in the alleged Chinese hack




Microsoft Corp. is investigating whether a global cyberattack on tens of thousands of its corporate clients could be linked to an information leak by the company or its partners, according to people familiar with the matter.

The investigation focuses in part on how a stealth attack that began in early January gained momentum in the week before the company could send a software patch to customers. Around this time, a handful of China-linked hacking groups obtained the tools to launch large-scale cyber attacks that have now infected computers around the world running Microsoft’s Exchange email software.

Some of the tools used in the second wave of the attack, which reportedly began on February 28, have similarities to the “proof of concept” attack code that Microsoft distributed to antivirus companies and other security partners on February 23, investigators at security companies say. Microsoft had planned to release its security patches two weeks later, on March 9, but after the start of the second wave, it moved the release up a week, to March 2, according to the researchers.

The investigation included an information-sharing program called the Microsoft Active Protections Program, which was created in 2008 to give security companies a head start in detecting emerging threats. Mapp includes around 80 security companies around the world, ten of which are based in China. A subset of the Mapp partners received the February 23 Microsoft notification, which included the proof of concept code, according to sources familiar with the program. A Microsoft spokesperson declined to say if any Chinese companies were included in this post.

How the hackers got the tools is important to Microsoft and others scrambling to assess the damage from the historically significant cyberattack, which allowed other hacker groups to take advantage of the vulnerabilities for their own ends. Microsoft said this week it spotted ransomware, or malware that locks down victims’ computers until they pay hackers, being used to target networks that have yet to be patched. Since many of the targeted organizations are small businesses, schools, and local governments, security experts said they could be particularly vulnerable to debilitating attacks.

Senior officials in the Biden administration have described the problem in dire terms over the past week, urging organizations to fix their systems immediately. No federal system is currently known to have been compromised, although officials are still probing for possible exposure of the agencies. President Biden has been made aware of the hack and the administration has established an interagency cybersecurity coordination group focused on the hack, a spokesperson for the National Security Council said.

Microsoft said there would be consequences if the Mapp partnership was abused. “If it were found that a Mapp partner was the source of a leak, they would face consequences if the conditions for participation in the program were breached,” a Microsoft spokesperson said by email.

In 2012, Microsoft kicked out a Chinese company, Hangzhou DPTech Technologies Co., Ltd., from Mapp after determining that it disclosed proof of concept code that could be used in an attack and that code appeared on a Chinese website.

Write to Robert McMillan at [email protected] and Dustin Volz at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.
